D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492.
History

Mon, 25 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Dlink
Dlink dcs-8300lhv2
Dlink dcs-8300lhv2 Firmware
Weaknesses CWE-798
CPEs cpe:2.3:h:dlink:dcs-8300lhv2:-:*:*:*:*:*:*:*
cpe:2.3:o:dlink:dcs-8300lhv2_firmware:*:*:*:*:*:*:*:*
Vendors & Products Dlink
Dlink dcs-8300lhv2
Dlink dcs-8300lhv2 Firmware
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-05-03T02:15:49.785Z

Updated: 2024-08-02T22:40:34.165Z

Reserved: 2023-12-20T21:52:34.962Z

Link: CVE-2023-51629

cve-icon Vulnrichment

Updated: 2024-08-02T22:40:34.165Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-03T03:16:26.273

Modified: 2024-11-25T14:39:27.587

Link: CVE-2023-51629

cve-icon Redhat

No data.